packet filtering
    defined, 520
    dynamic, 508
    stateful, 109–110
packet filters, 107
packet sniffing, 198–199
packet switching, 520
pad, 520
partitioning networks, 263–264, 264, 520
PASS method for fire extinguishers, 275
passive detection, 520
passive responses, 180–181
    defined, 520
    logging, 180
    notification, 181
    shunning, 181
Password Authentication Protocol, 520
passwords
    password guessing attacks, 58, 520
    password history, 520
    social engineering attacks via, 87
    unacceptable, 345
    username/password authentication, 13, 13
Pastore, Mike, xxxvii
patches, 232–233, 521
Patriot Act, 485
PBX (Private Branch Exchange) systems, 115–116, 116, 522
penetration, 521
perimeter security, 261–262, 261, 521
personnel policies, 423–427
    Acceptable Use policies, 425–426, 462–463, 500
    background investigations, 427
    ethics, 424–425
    for hiring, 423–424
    Need to Know policies, 426–427, 518
    overview, 434
    privacy and compartmentalization, 426
    termination policies, 424
PGP (Pretty Good Privacy), 363, 370, 370, 522
phage viruses, 82, 521
phreaker, 116
Physical Access Control policies, 428–429, 521
physical barriers, 259, 260, 521
physical cryptography, 311–313
    hybrid systems, 313
    steganography, 311, 312
    substitution ciphers, 311–312
    transposition ciphers, 312
physical layer, 521
physical security, 258–276
    access control, 259–266
        biometrics, 265–266, 503
        evaluating security systems, 264–265
        partitioning, 263–264, 264, 520
        perimeter security, 261–262, 261, 521
        physical barriers for, 259, 260, 521
        security zones, 262–263, 263
    defined, 521
    detecting breaches in, 262
    environmental security, 267–276
        environmental control systems, 270–271
        fire suppression, 274–276, 275, 510
        location and security, 269–270
        power systems, 271–272
        shielding, 272–274, 273
        wireless cells, 268–269
    overview, 4–5, 4, 258
    social engineering attacks, 86–87, 266–267
Ping, 521
Ping of Death, 521
PKC (Public Key Cryptography), 323
PKI. See Public Key Infrastructure
PKIX/PKCS, 363–364
Plain Old Telephone Service (POTS), 114, 522
platform hardening, 120
point-to-point, 521
Point-to-Point Protocol (PPP), 123–124, 521
Point-to-Point Tunneling Protocol (PPTP), 126, 521
polymorphic viruses, 79–80, 521
POP (Post Office Protocol), 61, 130, 521
Port Address Translation, 521
port scanner, 521
port scans, 69–70
ports
    defined, 128, 521
    TCP and UDP, 65–66
    vulnerability of open, 132
post mortems, 191, 522
Post Office Protocol (POP), 61, 130, 521, 522
POTS (Plain Old Telephone Service), 114, 522
power conditioners, 271, 522
power systems, 271–272, 522
PPP (Point-to-Point Protocol), 123–124, 521
PPTP (Point-to-Point Tunneling Protocol), 126, 521
preparing for Security+ exam. See Security+ exam
Presentation layer, 522
preservation of evidence, 458, 522
Pretty Good Privacy (PGP), 363, 370, 370, 522
preventive security measures, 9–10, 466
previous keys, 382
print servers, 240
privacy
    background investigations, 427
    dealing ethically with sensitive information, 467
    defined, 522
    information policies on, 426
    instant messaging and, 199
    regulations, 482–486
        Computer Fraud and Abuse Act, 483–484
        Cyber Security Enhancement Act, 485
        Cyberspace Electronic Security Act, 484–485
        FERPA, 484
        Gramm Leach Bliley Act of 1999, 483, 510
        HIPAA, 482–483, 511
        international laws, 485–486
        Patriot Act, 485
Private Branch Exchange (PBX) systems, 115–116, 116, 522
private information, 288–289
    defined, 522
    internal information, 289, 513
    restricted information, 289, 524
private keys
    defined, 322, 522
    protecting, 332, 378
privilege auditing, 437, 522
privilege escalation, 522
privilege management, 432–439
    auditing, 436–437
        escalation audits, 438
        privilege, 437, 522
        reports to management, 439
        usage, 437–438
    privilege decision making, 435–436
    single sign-on, 434–435, 435
    user and group role management, 432–433, 434
process list, 522
promiscuous mode, 68, 523
protocol analyzer, 523
protocols
    for Application layer, 61
    common, 20–21
    connection-oriented, 66, 505
    defined, 523
    enabling and disabling services and, 235
    FTP function as, 137
    hardening and configuring network, 218–221
    ISAKMP, 366–367, 367
    nonessential, 21
    remote access, 524
    susceptibilities
        of AppleTalk protocol, 173
        of Microsoft product line, 170–173
        of Novell product line, 170–171, 171
        of TCP/IP, 68–75, 169–170
        of UNIX Network File System, 173, 173
    WAP, 121–122, 194–195, 195
proxies
    circuit-level, 109
    defined, 523
    FTP, 510
    IP, 514–515
    proxy firewalls, 107–109, 107, 523
    proxy server, 523
    web, 533
Public Domain Cryptography, 363
public information, 286–288
    defined, 286–287, 523
    full distribution, 288, 510
    limited distribution, 287–288, 516
Public Key Cryptography (PKC), 323
Public Key Cryptography Standards (PKCS), 364, 523
Public Key Infrastructure (PKI), 323, 331–343
    certificate authority, 332–333, 333
    certificate revocation, 337–338, 338
    certificates, 335–337, 336
    defined, 331–332, 523
    RAs and LRAs, 333–335
    trust models, 338–343
        bridge, 339–340, 341
        hierarchical, 339, 340
        hybrid, 342–343, 342
        mesh, 341–342, 341
        overview, 338–339
Public Key Infrastructure X.509 (PKIX), 363, 523
public-key system, 323, 523
public keys. See also Public Key Infrastructure
    defined, 322, 523
    publishing, 331
public networks, 523